3 matches found
CVE-2026-40881
Zebra/Zebrad deserialization flaw CVE-2026-40881: when parsing addr or addrv2 messages, Zebra would deserialize vectors of addresses up to about 233k entries due to MAX_ADDRS_IN_MESSAGE checking being performed after deserialization. This could exhaust memory and crash a node under network load. ...
CVE-2026-34202
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic crash. This is triggered by sending a specially crafted V5...
CVE-2026-34377 Zebra has a Consensus Failure due to Improper Verification of V5 Transactions
ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-consensus version 5.0.1, a logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid...